Invalid column name?!

Discussion in 'Programming' started by bassguru1234, Aug 18, 2009.

0
  1. #1
    Hello everyone,
    I'm passing a variable over a URL. The value is user01.

    The problem is that an error message occurs stating that there is an incorrect column name?! Here is the code below and the error message:

    <cfquery name="userQuery" datasource="xxxxx" username="xxxxx" password="xxxxx">
    SELECT admin FROM users WHERE username="#url.promo#"
    </cfquery>

    It comes up with the following error:

    [Macromedia][SQLServer JDBC Driver][SQLServer]Invalid column name 'user01'.

    Please help.

    Many thanks in advance,
    Bassguru1234
     
    bassguru1234, Aug 18, 2009 IP
  2. Paul_K

    Paul_K Greenhorn

    Messages:
    85
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    18
    #2
    <cfquery name="userQuery" datasource="xxxxx" username="xxxxx" password="xxxxx">
    SELECT admin
    FROM users
    WHERE username= <cfqueryparam cfsqltype="cf_sql_varchar" value="#url.promo" />
    </cfquery>

    This should help you out. It is good practice to use cfqueryparam to help with SQL injection.
     
    Paul_K, Aug 18, 2009 IP